Security features - continued  
 
  5. Strong Passwords: Passwords must be strong. They must be at least 10 characters with numbers, letters, and symbols. However, we go much further than that. When you enter a password, we add what is known as a salt to it. Salting a password means adding additional characters to your password before it is SHA512 hashed. Again, we go even further than this. We salt each password by adding random characters of random length in a random position before SHA512 hashing it. Salting a password before hashing it means it would take trillions of years to find the reverse hash using even the best technology currently available. However, in the nearly impossible event that one password is reverse hashed, what the hacker learned cracking that password will not work on any other password, and the hacker would have to start from scratch on every other password!
 
  6. 5 Minute Lockout: After 5 failed login attempts, the account is locked for 5 minutes, preventing brute-force attacks.
 
  7. SHA512 Password Hashing: User passwords are NOT stored in the database. Only a SHA512 hash of the password is stored. To make it even more secure, a random salt of random length is added to the password in a random position before the SHA512 hash is performed. Also, the salt is not stored anywhere. This also means that if a user forgets their password, they can only request a link to reset it. Once a password reset is sent to their email, they must click the link in the email, which contains a unique key in the URL. The site verifies the key is the same one sent to the user. Once the key is verified, they must also answer one of the security questions they provided an answer for when they created their account. Only then can they reset their password.
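
The lockout rule in item 6, sketched as an added example (not the site's own code). The class name, the in-memory storage, the injected clock, and the choice to reset the counter on a successful login are assumptions; only the 5-attempt and 5-minute values come from the page.

```python
import time

MAX_FAILURES = 5          # from the page: 5 failed login attempts
LOCKOUT_SECONDS = 5 * 60  # from the page: locked for 5 minutes


class LoginLockout:
    """Per-account failed-login counter with a timed lock (hypothetical, in-memory)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock      # injectable so the policy can be tested without waiting
        self._failures = {}      # account -> consecutive failed attempts
        self._locked_until = {}  # account -> clock value at which the lock ends

    def seconds_locked(self, account):
        """Seconds left on the lock, or 0 if the account may attempt a login."""
        until = self._locked_until.get(account)
        if until is None:
            return 0
        remaining = until - self._clock()
        if remaining <= 0:
            # Lock expired: clear it and start counting failures afresh.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return 0
        return remaining

    def attempt(self, account, password_ok):
        """Record one login attempt; return 'ok', 'failed' or 'locked'."""
        if self.seconds_locked(account) > 0:
            # While locked, even a correct password is refused, so the response
            # does not reveal whether the guess was right, and the lock is not extended.
            return "locked"
        if password_ok:
            self._failures.pop(account, None)  # assumption: success resets the count
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= MAX_FAILURES:
            self._locked_until[account] = self._clock() + LOCKOUT_SECONDS
            return "locked"
        return "failed"
```

A production version would keep these counters in shared storage so that every web server enforces the same lock.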
 